Please Do Not use setSecurityManager Or createSecurityManager. #472
Comments
Alternatively add a system property which can be set to disable it.
@nallar Still not working T_T
He was suggesting that it be added to FML. That's not a property currently.
@Parker8283 All right. Thank you, sir.
@PonyPC why? It won't be disabled. Delegation is a possibility, however, no one has given me a legitimate justification. What library are you using that provides a security manager in Minecraft?
@cpw I start the Java process by passing these arguments: ...... -Djava.security.manager -Djava.security.policy=java.policy ....... to prevent a user-uploaded plugin from executing Runtime.getRuntime().exec().
@cpw If the FML request security manager and set null, the plugins also can set some privilege to skip limitation.
Please provide full details, these half-bits are not useful. However we need to see your full setup in order to find a solution that protects everyone without opening a major hole for anyone that is not you.
@LexManos please provide a property to disable FML setting its custom security manager.
@LexManos I've seen that you created TerminalTransformer so the security manager is no longer necessary. It is extremely counterproductive. Treat it as the ability to toggle off a signature check. In rare cases (apart from dev setup) it is really useful. Recently I had to quickly fix a corrupted map. The breaking part were particles but there was no sign of which mod was causing it. Adding bits of code here and there allowed me to fix it quicker than setting up a whole dev space.
@Kubuxu The thing is, that the transformer can be easily bypassed. So the security manager would still be necessary.
Everything can be bypassed by requiring a customized version of Forge. It is necessary to find balance. If you are worried that some modders might require users to use this option, just don't stop launch if the security manager can't be changed, or add an option for suppressing this failure.
@Kubuxu yeah! I totally agree with you. Please give us an option to disable or enable the FML security manager, not stop launch.
@PonyPC I am in the same situation as you. The worst case scenario is we would have to build each version ourselves. But I don't like using an extremely complex system for a task like that.
@Kubuxu OMG, we must build every new Cauldron and Forge version to fix this problem
@PonyPC "BUT any other plugins can overwrite custom security manager and set permission to touch root file, execute external commands, etc." This is actually incorrect if you understand anything about Security manager. I've spoken with cpw, the answer is No. Last time we removed it a slew of mods came out that did the exact thing we are preventing. If you are TRULY a server host then do your job and secure your servers. Nothing that FML has done prevents you from doing so. The 'default' implementation is a joke which even with a nicely crafted policy list can EASILY be bypassed. So again, state your issues, provide the specifics of what security issues you're running into and we can address them. A simple 'omg remove it cuz I no like it' will not suffice. Sacrificing the security and end user experience will not fly. It is a sad day that we even need to THINK about a SecurityManager, but we do. If it is THAT much of an issue you can EASILY write protection schemes into either plugins for Forge or custom versions of the Forge server for your service. 'Big job & headache @_@' .... big job.. right... it's a 1 line change and 2 line build. This just shows that you have no idea what you're doing, or the ramifications of what you are asking.
I think for once I actually completely agree with Lex here. Disabling custom security managers does NOT secure your server from Java attacks; you should be using proper sandboxing and virtualization instead. You shouldn't be running a server-hosting company if you can't provide proper security.
One concession we could make, Lex, is to provide a 'write protection' - specifically, add a system property that would stop any write/read attempts outside the game and assets dirs. I think this would have to default to off, but it could provide a compromise.
@LexManos As I mentioned, I did not want to remove FMLSecurityManager. I just want a property to disable it which some people use their own java.policy file. Everyone can keep FML's security manager working. /****** And I also want to say: security is always the first thing on the internet, even everywhere. @briman0094 @cpw disappointed, bye everyone
@PonyPC If you want to do this right, you would create an account for each user, give them their own sandbox directory, and allow the permissions on their directory. GoDaddy did this for their hosting. I used PHP to pop open a shell, and I could only mess around inside my sandbox area. I could remove things, blow it up, but it wouldn't harm anyone else. If you don't sandbox, you aren't doing this right. If your customers have access to
Along with @kenzierocks' suggestion, you could use a chroot or something similar to prevent access to places the user shouldn't be.
The PR I submitted should fix this, allowing for further SecurityManager checks.
Please Do Not use setSecurityManager Or createSecurityManager.
I'm a host serving players' Bukkit or MCPC.
And I have set the default Java policy to prevent Java attacks, executing system commands or viewing root files.
FML checks whether the createSecurityManager or setSecurityManager privilege exists, and otherwise stops.
Other servers like Bukkit, Spigot and minecraft_server won't request these 2 functions.
Please! Please!
Thanks.
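
The delegation option raised in the thread, as an added example (not FML's code and not written by any participant): a manager that applies one rule of its own and forwards every other check to the manager that was installed before it. The class name, the stand-in host manager and the no-replacement rule are assumptions; it needs a Java 8 to 17 runtime, since later releases restrict or refuse setSecurityManager.

```java
import java.io.FilePermission;
import java.security.Permission;
// Added illustration, not FML code. Assumes a runtime that still supports SecurityManager.
public class DelegatingSecurityManager extends SecurityManager {
    private final SecurityManager parent; // manager active before this one, may be null
    public DelegatingSecurityManager(SecurityManager parent) {
        this.parent = parent;
    }
    // Hypothetical framework rule: once installed, this manager may not be replaced.
    private static void ownRule(Permission perm) {
        if (perm instanceof RuntimePermission && "setSecurityManager".equals(perm.getName())) {
            throw new SecurityException("replacing the security manager is not allowed");
        }
    }
    @Override
    public void checkPermission(Permission perm) {
        ownRule(perm);
        if (parent != null) parent.checkPermission(perm); // host rules stay in force
    }
    @Override
    public void checkPermission(Permission perm, Object context) {
        ownRule(perm);
        if (parent != null) parent.checkPermission(perm, context);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a host's policy: it denies process execution only.
        SecurityManager hostPolicy = new SecurityManager() {
            @Override
            public void checkPermission(Permission p) {
                if (p instanceof FilePermission && p.getActions().contains("execute")) {
                    throw new SecurityException("exec denied by host policy");
                }
            }
        };
        System.setSecurityManager(hostPolicy);
        // Wrap the existing manager instead of discarding it.
        System.setSecurityManager(new DelegatingSecurityManager(System.getSecurityManager()));
        try {
            System.getSecurityManager().checkExec("/bin/sh"); // permission check only, nothing runs
        } catch (SecurityException e) {
            System.out.println("host rule still applies: " + e.getMessage());
        }
        try {
            System.setSecurityManager(null);
        } catch (SecurityException e) {
            System.out.println("framework rule applies: " + e.getMessage());
        }
    }
}
```

The wrap step itself needs the setSecurityManager permission, so a host policy that withholds it from all code blocks the installation as well.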